feld on Nostr: the first rule of hosting an important service is "make sure you have more bandwidth ...
the first rule of hosting an important service is "make sure you have more bandwidth than your enemies"
40gbit would probably be a good idea. Even if your servers are only doing 10gbit. But the tricky part is dealing with a distributed attack. So if you're not using a CDN that can absorb it for you and your transit providers don't offer DDoS protection you need enough bandwidth and your own DDoS detection infrastructure as well as a working blackhole routing setup with your transit provider so you can tell them to drop the traffic from the attackers' prefixes before it reaches you.
This is usually too much of a burden and cost for a small hoster with limited funds and manpower, which is why you get roped into using a CDN like CloudFlare...
I don't know what the morally right solution is here but they're going to have a tough time if they think they can handle these things on their own. I'd have just flipped over to CloudFlare and wrote a blog post explaining that the internet is too hostile to not have protection. The End.
40gbit would probably be a good idea. Even if your servers are only doing 10gbit. But the tricky part is dealing with a distributed attack. So if you're not using a CDN that can absorb it for you and your transit providers don't offer DDoS protection you need enough bandwidth and your own DDoS detection infrastructure as well as a working blackhole routing setup with your transit provider so you can tell them to drop the traffic from the attackers' prefixes before it reaches you.
This is usually too much of a burden and cost for a small hoster with limited funds and manpower, which is why you get roped into using a CDN like CloudFlare...
I don't know what the morally right solution is here but they're going to have a tough time if they think they can handle these things on their own. I'd have just flipped over to CloudFlare and wrote a blog post explaining that the internet is too hostile to not have protection. The End.